security/intel/txt: Create Intel TXT lib with helper functions
This patch decouples useful TXT-related operations from romstage.c alone and moves them into a helper file, txtlib.c. This lets SoC users perform TXT-related operations (such as disabling TXT) even without selecting the INTEL_TXT config. At present, those helper functions are only available when INTEL_TXT is selected, which is not enabled for most of the SoC platforms in scope for Chromebooks. TEST=Able to access functions from txtlib.c even without selecting INTEL_TXT config. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: Iff5b4e705e18cbaf181b4c71bfed368c3ed047ed Reviewed-on: https://review.coreboot.org/c/coreboot/+/71573 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
This commit is contained in:
parent
d292c4f0ea
commit
6a2495d8d9
@ -1,8 +1,17 @@
|
|||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
config INTEL_TXT_LIB
|
||||
bool
|
||||
default n
|
||||
help
|
||||
This option includes library functions related to the TXT
|
||||
operation which SoC would still like to access without enabling
|
||||
INTEL_TXT config.
|
||||
|
||||
config INTEL_TXT
|
||||
bool "Intel TXT support"
|
||||
default n
|
||||
select INTEL_TXT_LIB
|
||||
select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS
|
||||
select ENABLE_VMX if CPU_INTEL_COMMON
|
||||
select AP_IN_SIPI_WAIT
|
||||
|
@ -1,3 +1,5 @@
|
|||
romstage-$(CONFIG_INTEL_TXT_LIB) += txtlib.c
|
||||
|
||||
ifeq ($(CONFIG_INTEL_TXT),y)
|
||||
|
||||
all-y += logging.c
|
||||
|
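Review bot: txtlib.c is compiled into romstage only (`romstage-$(CONFIG_INTEL_TXT_LIB) += txtlib.c`), while the commit message motivates the new library with SoC code that wants to disable TXT without INTEL_TXT; if any such caller lives in another stage it will fail to link until a matching `bootblock-`/`ramstage-` entry is added. Which stages actually need the helpers cannot be told from this page, so this is a question for the author rather than a confirmed defect. If romstage is intentionally the only consumer, a one-line comment above the rule stating that would save the next reader the same question.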
@ -4,52 +4,15 @@
|
|||
#include <console/console.h>
|
||||
#include <cpu/intel/common/common.h>
|
||||
#include <cpu/x86/cr.h>
|
||||
#include <cpu/x86/msr.h>
|
||||
#include <device/mmio.h>
|
||||
#include <southbridge/intel/common/pmbase.h>
|
||||
#include <timer.h>
|
||||
#include <types.h>
|
||||
|
||||
#include <security/tpm/tis.h>
|
||||
|
||||
#include "txt.h"
|
||||
#include "txtlib.h"
|
||||
#include "txt_register.h"
|
||||
#include "txt_getsec.h"
|
||||
|
||||
static bool is_establishment_bit_asserted(void)
|
||||
{
|
||||
struct stopwatch timer;
|
||||
uint8_t access;
|
||||
|
||||
/* Spec says no less than 30 milliseconds */
|
||||
stopwatch_init_msecs_expire(&timer, 50);
|
||||
|
||||
while (true) {
|
||||
access = read8((void *)TPM_ACCESS_REG);
|
||||
|
||||
/* Register returns all ones if TPM is missing */
|
||||
if (access == 0xff)
|
||||
return false;
|
||||
|
||||
if (access & TPM_ACCESS_VALID)
|
||||
break;
|
||||
|
||||
/* On timeout, assume that the TPM is not working */
|
||||
if (stopwatch_expired(&timer))
|
||||
return false;
|
||||
}
|
||||
|
||||
/* This bit uses inverted logic: if cleared, establishment is asserted */
|
||||
return !(access & TPM_ACCESS_ESTABLISHMENT);
|
||||
}
|
||||
|
||||
static bool is_txt_cpu(void)
|
||||
{
|
||||
const uint32_t ecx = cpu_get_feature_flags_ecx();
|
||||
|
||||
return (ecx & (CPUID_SMX | CPUID_VMX)) == (CPUID_SMX | CPUID_VMX);
|
||||
}
|
||||
|
||||
static bool is_txt_chipset(void)
|
||||
{
|
||||
uint32_t eax;
|
||||
|
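--- /dev/null
+++ b/src/security/intel/txt/txtlib.c
@@ -0,0 +1,46 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#include <arch/cpu.h>
+#include <cpu/intel/common/common.h>
+#include <cpu/x86/msr.h>
+#include <device/mmio.h>
+#include <security/intel/txt/txt.h>
+#include <security/tpm/tis.h>
+#include <timer.h>
+
+#include "txtlib.h"
+#include "txt_register.h"
+
+bool is_establishment_bit_asserted(void)
+{
+	struct stopwatch timer;
+	uint8_t access;
+
+	/* Spec says no less than 30 milliseconds */
+	stopwatch_init_msecs_expire(&timer, 50);
+
+	while (true) {
+		access = read8((void *)TPM_ACCESS_REG);
+
+		/* Register returns all ones if TPM is missing */
+		if (access == 0xff)
+			return false;
+
+		if (access & TPM_ACCESS_VALID)
+			break;
+
+		/* On timeout, assume that the TPM is not working */
+		if (stopwatch_expired(&timer))
+			return false;
+	}
+
+	/* This bit uses inverted logic: if cleared, establishment is asserted */
+	return !(access & TPM_ACCESS_ESTABLISHMENT);
+}
+
+bool is_txt_cpu(void)
+{
+	const uint32_t ecx = cpu_get_feature_flags_ecx();
+
+	return (ecx & (CPUID_SMX | CPUID_VMX)) == (CPUID_SMX | CPUID_VMX);
+}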
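Review bot: `#include <cpu/x86/msr.h>` near the top of txtlib.c has no visible user: the two functions only call cpu_get_feature_flags_ecx(), read8(), the stopwatch helpers and reference the TPM_ACCESS_* and CPUID_* constants, so unless another header in this list relies on it being included first it can be dropped. The include style is also mixed — txt.h is pulled in as `<security/intel/txt/txt.h>` while the sibling headers use `"txtlib.h"` and `"txt_register.h"`; using `#include "txt.h"`, as romstage.c does, keeps the new file consistent with the rest of the directory. Whether txt.h and txt_register.h are needed at all cannot be told from here; if the TPM_ACCESS_* constants come from tis.h they may be unused as well.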
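--- /dev/null
+++ b/src/security/intel/txt/txtlib.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#ifndef SECURITY_INTEL_TXT_LIB_H_
+#define SECURITY_INTEL_TXT_LIB_H_
+
+#include <types.h>
+
+bool is_establishment_bit_asserted(void);
+
+bool is_txt_cpu(void);
+
+#endif /* SECURITY_INTEL_TXT_LIB_H_ */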
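Review bot: The two declarations that become a cross-module API in this header carry no documentation, and the failure semantics of is_establishment_bit_asserted() are not obvious from its name: in txtlib.c it returns false both when the TPM access register reads 0xff (no TPM) and when TPM_ACCESS_VALID never appears within the poll timeout, so a caller cannot distinguish "not asserted" from "no usable TPM". I would add above the first declaration `/* Returns true when the TPM reports the establishment bit asserted. Returns false if no TPM is present (access register reads 0xff) or if the TPM does not become valid within the poll timeout; callers cannot tell these apart. */` and above the second `/* True when CPUID reports both SMX and VMX. */`. The definitions live in txtlib.c, outside this hunk.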